Today’s corporate environments are filled with leaps and often times hesitations, followed by even larger leaps toward cloud deployment. But about those hesitations: from fears about IT jobs being outsourced to security concerns and questions about the most effective ways to centrally manage a cloud solution, apprehensions can run far and wide.

IT Innovators recently caught up with John Webster, analyst at Evaluator Group, to chat about some of the most common assumptions about the cloud and what factors should instead be top of mind for a more effective cloud deployment.

What would you say is the most common assumption about the cloud? What’s driving this, and what do you believe is the truth behind the concern?

I think one topic that really needs to be examined in more detail is the issue of security in the cloud, particularly the public cloud. There are a couple things going on that are changing people’s perceptions about security in the cloud. First, the more you understand the cloud, how to use it and which provider you want to work with, the less security becomes an issue. The best thing you can do for security as an issue is to get more experience working with the cloud. More experienced users have a tendency to view security as less of an issue. They realize that things like finding people to actually administer a cloud IT environment is the number 1 priority. Security seems to fall down the list.

What steps can IT professionals take to calm security concerns?

The good cloud service providers have heard that security is an issue. They are more than aware of it, and they’ve taken measures to address the problem. Sometimes, enterprise IT users have acknowledged security in the cloud to actually be better than their own Internet security and have moved apps to the cloud because of that. Now, some people are more concerned about the communication links in between getting from their location to the cloud service provider and back as being a bigger security concern than the cloud provider itself. My advice is to talk to the cloud vendor to address those concerns.

Are there any misconceptions about shadow IT, or the concept of employees using cloud applications that haven’t been authorized internally for use, and what are corporations doing to address this phenomenon?

Enterprises have seen this cloud creep, if you will, or proliferation of cloud usage and have encountered issues with that. For example, the cost of all these clouds start to get out of control if they’re not managed. You’ve got contracts, commitments, but you start to sense that every department now gets a cloud and questions arise, like: what kind of control are we exerting over this, and if we are not exerting any kind of control, should we manage this centrally? While the shift to the cloud began as a shadow IT phenomenon, meaning that employees were using unsanctioned cloud and mobile apps without corporations being fully aware, it’s now becoming a centralized IT-administered phenomenon because of cost and governance reasons. If we’re going to put sensitive data in the cloud, we need to know the nature of that data, the service provider and whether or not we even have the authority to put some kinds of data in the cloud without running the risk of exposure to regulatory agencies.

As more companies shift toward taking a centralized position to cloud management, what kinds of things should be on their radar?

People are starting to understand that they can use the cloud resources much more efficiently if they know from a centralized position what it is they need. This includes what kinds of contracts they will negotiate, what kind of pricing is available, and how to best manage pricing. Weighing these types of questions will allow IT professionals to make the most effective use of the cloud.

Renee Morad is a freelance writer and editor based in New Jersey. Her work has appeared in The New York Times, Discovery News, Business Insider, Ozy.com, NPR, MainStreet.com, and other outlets. If you have a story you would like profiled, contact her at renee.morad@gmail.com.

The IT Innovators series of articles is underwritten by Microsoft, and is editorially independent.